An audit log, in the context of security, refers to a chronological record of activities or events that occur within a system or network. It provides a detailed account of various actions, such as logins, file accesses, configuration changes, and administrative activities, performed by users, applications, or devices.

The primary purpose of an audit log is to enhance security and facilitate forensic investigations by capturing relevant information about system events. It allows organizations to monitor and review the activities within their infrastructure, detect potential security incidents, and investigate any suspicious or unauthorized behavior.

Learn how to effectively check the Microsoft Windows audit log using the Event Viewer tool with this comprehensive step-by-step guide. Discover how to navigate the security audit log, apply filters, view specific events, and export log entries for further analysis. Enhance your security monitoring and forensic investigations with a solid understanding of Windows audit logs

Important Audit Log Elements

Key elements typically included in an audit log entry are:

1. Timestamp: The date and time when the event occurred.
2. Event Description: A brief explanation of the activity or event.
3. User identification: The identity or username associated with the action.
4. Source or origin: The location or system from which the event originated.
5. Outcome or result: The status or outcome of the event (success, failure, error).
6. Relevant data: Any additional information associated with the event.

By analyzing audit logs, security teams can identify security breaches, unauthorized access attempts, insider threats, or any unusual patterns of activity.

The information stored in audit logs can also help organizations meet compliance requirements, demonstrate adherence to security policies, and support legal investigations if necessary.

It is important to secure and protect audit logs themselves, as tampering with or deleting audit logs can be a tactic used by malicious actors to cover their tracks.

Therefore, organizations often implement measures to ensure the integrity and confidentiality of audit logs, such as storing them in secure locations, encrypting them, and implementing strict access controls.

Step-by-Step Guide to Check Microsoft Windows audit log

To check the Microsoft Windows audit log, you can follow these step-by-step instructions:

Step 1: Open Event Viewer

• Press the Windows key on your keyboard or click on the Start button.
• Type “Event Viewer” in the search bar, and then click on the “Event Viewer” app that appears in the search results.

Step 2: Navigate to the Security Audit Log

• In the Event Viewer window, you’ll see a list of event categories on the left-hand side. Expand the “Windows Logs” category by clicking on the arrow next to it.
• Click on the “Security” log. This log contains security-related events, including audit log entries.

Step 3: Filter and View Audit Log Entries

• With the Security log selected, you’ll see a list of events in the middle pane, displayed in chronological order.
• You can browse through the list to manually check the events, but for a more specific search, use the filter option.
• In the Actions pane on the right-hand side, click on “Filter Current Log.”

Step 4: Define the Filter Criteria

• In the Filter Current Log window, you can specify the criteria to filter the audit log entries based on your requirements.
• For example, you can filter by specific event types, event sources, usernames, or time ranges.
• Enter the filter criteria based on the information you want to retrieve from the audit log.

Step 5: Apply the Filter and View the Results

• After defining the filter criteria, click on the “OK” button to apply the filter.
• The Event Viewer will display the audit log entries that match the specified criteria in the middle pane.
• You can click on any log entry to view its details, including the timestamp, event description, user identification, and other relevant information.

Step 6: Export or Save Audit Log Entries (optional)

• If you need to save or share the audit log entries, you can export them to a file.
• Right-click on the Security log in the left-hand pane and select “Save All Events As…”
• Choose a file name, location, and format (e.g., CSV, XML) for the exported audit log file.

That’s it! By following these steps, you should be able to check the Microsoft Windows audit log using the Event Viewer tool. Remember to adjust the filter criteria according to your specific requirements to narrow down the results and focus on the desired events.

10 interesting Facts about Microsoft Windows Audit Log

1. The Windows Audit Log is also known as the Security Event Log, as it primarily captures security-related events.
2. The Windows Audit Log is an essential component of Windows operating systems, including Windows 10, Windows Server, and previous versions.
3. The Audit Log records a wide range of events, including successful and failed login attempts, file and folder access, system configuration changes, and application activities.
4. Audit Log entries are categorized based on event types, such as account management, logon/logoff, object access, policy change, privilege use, and system events.
5. Windows provides a powerful tool called Event Viewer to view and manage the Audit Log. It allows users to filter, search, and export log entries for analysis.
6. Audit Log entries can be invaluable for detecting security breaches, identifying unauthorized access attempts, and investigating suspicious activities within a Windows system.
7. Organizations often configure Audit Log settings to meet their specific security and compliance requirements. This includes enabling or disabling specific types of events to be logged.
8. Audit Log entries contain detailed information, including the timestamp of the event, the user or process responsible, the event’s outcome (success or failure), and any relevant data associated with the event.
9. Security Information and Event Management (SIEM) solutions often integrate with Windows Audit Logs, allowing centralized monitoring, analysis, and correlation of log data from multiple systems.
10. The retention period for Audit Log entries can be customized. Organizations can configure the log rotation and archiving policies based on storage capacity and compliance needs.

The post Step-by-Step Guide to Check Microsoft Windows Audit Log with Event Viewer appeared first on iLovePhD.

A buffer overflow attack is a type of security vulnerability and attack that occurs when a program attempts to store more data in a buffer, or temporary storage area than it can hold. This can lead to the extra data overflowing into adjacent memory locations, corrupting or overwriting critical data structures or executable code.

Buffer Overflow Attacks: Definition, Examples, and Prevention | iLovePhD

Here’s a step-by-step explanation of how a buffer overflow attack typically occurs:

1. A buffer is a finite-sized memory space allocated to store data temporarily. It is often used to hold input from a user or data from a file.
2. An attacker deliberately crafts input data that exceeds the capacity of the buffer. For example, if a buffer is designed to hold 100 characters, the attacker may send 200 characters as input.
3. The program, unaware of the buffer’s size limitation, blindly copies the input into the buffer, unaware that it has overflowed.
4. The excess data spills into adjacent memory locations, which can include important data structures, control information, or even executable code.
5. If the overwritten data includes critical information, such as function pointers or return addresses, the attacker can gain control over the program’s execution flow.
6. By carefully manipulating the overflowed data, the attacker can execute malicious code, inject their own commands, or take advantage of the compromised program to gain unauthorized access, escalate privileges, or launch further attacks.

Buffer overflow attacks are particularly dangerous because they can lead to remote code execution, where an attacker can execute arbitrary code on the target system. This can result in system compromise, data breaches, and the potential for further exploitation.

10 Buffer overflow attack examples

Here are 10 examples of buffer overflow attacks:

1. Morris Worm (1988): One of the earliest and most famous buffer overflow attacks, the Morris Worm exploited a buffer overflow vulnerability in the finger daemon, causing widespread disruption on the early Internet.
2. Code Red (2001): The Code Red worm targeted Microsoft IIS web servers and exploited a buffer overflow vulnerability in the Indexing Service DLL, allowing remote code execution and causing significant damage.
3. Slammer (2003): Slammer, also known as the SQL Slammer worm, exploited a buffer overflow vulnerability in Microsoft SQL Server, spreading rapidly and causing network congestion and disruption.
4. Blaster (2003): The Blaster worm targeted a buffer overflow vulnerability in the Microsoft Windows Remote Procedure Call (RPC) interface, allowing remote code execution and leading to widespread system infections.
5. Sasser (2004): Sasser exploited a buffer overflow vulnerability in the Microsoft Windows LSASS service, enabling the worm to propagate quickly and causing system instability and disruption.
6. Heartbleed (2014): Heartbleed was a critical vulnerability in the OpenSSL cryptographic library. By exploiting a buffer overflow bug in the Heartbeat extension, attackers could steal sensitive information from affected servers.
7. Shellshock (2014): Shellshock targeted the Bash shell, a widely used command interpreter in Unix-based systems. By exploiting a buffer overflow vulnerability in Bash, attackers could execute arbitrary commands and gain unauthorized access.
8. Equifax Breach (2017): In the Equifax data breach, attackers exploited a buffer overflow vulnerability in the Apache Struts web application framework, compromising personal and financial information of millions of individuals.
9. WannaCry (2017): WannaCry ransomware leveraged a buffer overflow vulnerability in the Microsoft Windows SMBv1 protocol, spreading rapidly and encrypting files on infected systems, demanding ransom payments.
10. Meltdown and Spectre (2018): Meltdown and Spectre were vulnerabilities in modern microprocessors. By exploiting speculative execution and branch prediction flaws, attackers could read sensitive information from protected memory regions, including passwords and encryption keys.

Please note that these examples highlight notable buffer overflow attacks from the past, and it’s essential to stay vigilant and keep systems updated to mitigate the risks associated with such vulnerabilities.

To prevent buffer overflow attacks, developers should implement secure coding practices such as input validation, bounds checking, and using secure programming languages or libraries that handle memory management automatically.

Additionally, operating system and software vendors frequently release security patches and updates to mitigate known vulnerabilities, so it’s crucial to keep systems up to date to minimize the risk of buffer overflow attacks

The post Understanding Buffer Overflow Attacks: Definition and Prevention appeared first on iLovePhD.

In this article, iLovePhD presented the top 20 Scopus-indexed journals in Computer Security and Cryptography with an impact factor based on Google Scholar citation score. Researchers and scientists conducting studies on computer security networks, cryptography, and security implementations can submit their research findings in the following journals and conferences. Computer Security and Cryptography fall under the category “Computer Science and Engineering”.

Top 20 Scopus Indexed Journals in Computer Security and Cryptography

Hope this article would help you to select the Top 20 Scopus Indexed Journals in Computer Security and Cryptography to publish your valuable research finding.

The post Top Journals in Computer Security -Scopus Indexed Journals appeared first on iLovePhD.

Mendeley Data is a secure cloud-based repository where you can store your data, ensuring it is easy to share, cite and download free datasets, wherever you are.

By using Mendeley Data you can Search 24.4 million datasets from domain-specific and cross-domain repositories.

What is Mendeley?

Mendeley is a free reference manager and academic social network that can help you organize your research, collaborate with others online, and discover the latest research.

Features of free Mendeley Datasets

There are several features available in Mendeley data.

1. Make your research data citable

Unique DOIs and easy-to-use citation tools make it easy to refer to your research data.

Your published research data will include a Force11 compliant citation so that other researchers can effortlessly cite your research.

It will also provide a unique DOI for each version of your dataset so that your dataset’s citation will always be valid.

2. Share data privately or publicly

Securely share your data with colleagues and co-authors before publication.

You can also share your unpublished data with the colleagues and funding bodies to move your research forward. You have full control over who can see and download your research data.

Ensure long-term data storage

Your data is archived for as long as you need it by Data Archiving & Networked Services

3. Keep access to all versions

Mendeley Datasets supports versioning, making longitudinal studies easier.

4. Link your article to your data

The unique DOI makes it easy to connect your paper to the cited dataset.

5. Mendeley Data for Institutions

Mendeley Data offers modular research data management and collaboration solutions for your university, offering a range of institutional packages which can be tailored to best suit your research data requirements.

Mendeley Data Repository

How to Download Free Mendeley Datasets?

Hope, this article helps you to Download Free Mendeley Datasets for your research.

iLovePhD Datasets

10 Useful Apps for PhD Scholars | 2020

The post How to Download Free Mendeley Datasets? appeared first on iLovePhD.

What is Quantum Computing?

The interesting facts about what exactly quantum computing are:

• Quantum computing (QC) is a computing technique that uses superposition and quantum entanglement.
• A quantum computer is a device that performs QC.
• They are different from binary digital electronic computers based on transistors.
• Whereas common digital computing requires that the data be encoded into binary digits (bits), each of which is always in one of two definite states (0 or 1), quantum computation uses quantum bits, which can be in superpositions of states.
• A quantum Turing machine is a theoretical model of such a computer and is also known as the universal QC.
• A quantum computer with spins as quantum bits was also formulated for use as a quantum spacetime in 1968.
• Quantum computers are incredibly powerful machines that take a new approach to processing information.
• Built on the principles of quantum mechanics, they exploit complex and fascinating laws of nature that are always there but usually remain hidden from view.
• By harnessing such natural behaviour, QC can run new types of algorithms to process information more holistically.
• They may one day lead to revolutionary breakthroughs in materials and drug discovery, the optimization of complex man-made systems, and artificial intelligence. We expect them to open doors that we once thought would remain locked indefinitely.
• Acquaint yourself with the strange and exciting world of QC.

Post Quantum Cryptography – A Report

In the era of Big-Data, securing the data while transmitting on the internet and storing it in the smart device is extremely challenging. Post-quantum cryptography (QPC) is the buzzing term among cybersecurity specialists and cryptographers. we already aware of the emergence of QC but QPC is distinct from QC, which refers to using quantum phenomena to achieve secrecy and detect eavesdropping.

I Hope, this article helps you to know about what is QC and interesting facts about it.

Visit iLovePhD for the latest research-related information.

References:

Quantum Computing- Wiki

The post What is Quantum Computing? Interesting Facts appeared first on iLovePhD.

In the era of Big-Data, securing the data while transmitting on the internet and storing in the smart device is extremely challenging. Post-quantum cryptography(QPC) is the buzzing term among cybersecurity specialists and cryptographers. we already aware of the emergence of quantum cryptography(QC) but QPC is distinct from QC, which refers to using quantum phenomena to achieve secrecy and detect eavesdropping.

In this article, ilovephd provides a detailed report of Post Quantum Cryptography.

What is Cryptography?

“Cryptography is the study of secure communications techniques that allow only the sender and intended recipient of a message to view its contents. The term is derived from the Greek word kryptos, which means hidden. It is closely associated to encryption, which is the act of scrambling ordinary text into what’s known as ciphertext and then back again upon arrival. In addition, cryptography also covers the obfuscation of information in images using techniques such as microdots or merging ” -kaspersky

Quantum computers

Quantum computing is different from a traditional computer system what we using right now, it is basically the study of a non-classical model of computation. Whereas traditional models of computing such as the Turing machine or Lambda calculus rely on “classical” representations of computational memory, a quantum computation could transform the memory into a quantum superposition of possible classical states.

Quantum computers aren’t limited to two states. They encode information as quantum bits, or qubits, which can exist in superposition.

Qubits represent atoms, ions, photons or electrons and their respective control devices that are working together to act as computer memory and a processor. These computations more advance and faster than traditional computers.

Why are Quantum Computers(QCs) a Threat to Encryption?

Unlike normal computers, quantum machines use qubits that can represent numerous possible states of 1 and 0 at the same time which called a superposition state.

In this superposition, adding just a few extra qubits can lead to exponential leaps in processing power.

A quantum machine with 300 qubits could represent more values than there are atoms in the observable universe.

This enormous processing capacity of QCs will be used to crack all possible permutations of a cryptographic key in a relatively short time by hackers. 

One of the oldest quantum algorithm called Shor’s algorithm which can effectively factorize integers and solve discrete logarithm problems.

By using QCs, handling very large factorization and breaking public-key algorithms are absolutely possible with Shor’s algorithm.

What is Quantum Cryptography?

Quantum cryptography is the science of exploiting quantum mechanical properties to perform cryptographic tasks.

The best-known example of quantum cryptography is a quantum key distribution which offers an information-theoretically secure solution to the key exchange problem.

Advantage Quantum Cryptography

The advantage of quantum cryptography lies in the fact that it allows the completion of various cryptographic tasks that are proven or conjectured to be impossible using only classical (i.e. non-quantum) communication.

For example, it is impossible to copy data encoded in a quantum state. If one attempts to read the encoded data, the quantum state will be changed (no-cloning theorem). This could be used to detect eavesdropping in quantum key distribution.

Difference between Quantum Cryptography and Post Quantum Cryptography

Post-quantum cryptography also referred to as quantum-proof, quantum-safe or quantum-resistant which refers to cryptographic algorithms (usually public-key algorithms) that are thought to be secure against an attack by a quantum computer.

Quantum cryptography describes using quantum phenomena at the core of a security strategy.

Post-quantum cryptography is all about preparing for the era of quantum computing by updating existing mathematical-based algorithms and standards.

Post Quantum Cryptography Algorithms

• Lattice-based cryptography
• Multivariate cryptography
• Hash-based cryptography
• Code-based cryptography
• Supersingular elliptic curve isogeny cryptography
• Symmetric key quantum resistance

NIST Post-Quantum Project

NIST Post-Quantum Project is the process of standardizing one or more quantum-resistant public-key cryptographic algorithms.

NIST invites research contribution on quantum computers and quantum cryptography for peer review and analysis process.

The process analysis each proposal’s strengths and weaknesses, whether the work is built upon a different mathematical “hard problem.”

Courtesy: NIST-Post-Quantum Cryptography

The post Post Quantum Cryptography – A Report appeared first on iLovePhD.

The IMPRS-IDI is a vibrant international doctoral program with about 70 doctoral students from more than 20 different countries. It offers outstanding training and support in an excellent scientific network. Faculty members are affiliated with internationally renowned research institutes in Berlin as well as the Berlin universities.

Their mission is to support students to develop into creative and critical, responsible and self-confident young researchers.

It strives to provide excellent training for our students. The outstanding research projects analyzing the genetic, biochemical and organismal basis of infections and immune reactions in our graduate school program are supported by a flexible curriculum structure, including training courses and lectures on scientific topics as well as technical and complementary skills.

PhD projects

PhD projects are available and will start between March and October 2020.

• In vivo imaging and manipulation of the tuberculous granuloma (Cronan lab)
• The role of ILC for the maintenance of tumour stem cells (Diefenbach lab)
• Unravelling the seasonal epidemiology of invasive disease-causing bacteria Cellès lab)
• Pathogen factors and host immune responses to co-infections in Drosophila melanogaster (Iatsenko lab)
• The impact of low-fidelity genome replication on herpes virus (Osterrieder lab)
• Single-cell gene expression analysis of P. falciparum (Portugal lab)
• Visualizing immune cell activation at single-molecule resolution (Taylor lab)
• Mechanisms of Neutrophil Extracellular Trap formation (Zychlinsky lab)

Eligibility:

Applicants must hold a German Master (MSc), a German Diploma or an equivalent international degree in biology, biochemistry, bioinformatics, chemistry, or other related subjects. It is not necessary to hold the degree at the time of your application, but you will need a few weeks before you begin to work with us.

In rare instances and only for exceptional students, we accept applicants with a Bachelor’s degree. For these students, we offer a tailor-made preparatory program, which allows them to attend lectures and practical course to qualify for the doctoral phase. Some knowledge of German may be required for the preparatory program.

The language of our school is English. Therefore, all our doctoral students must have a very good command of English.

Call for PhD positions 2020

Highly motivated and talented candidates of all nationalities who are strongly committed to research. Applicants should hold an excellent M.Sc. or equivalent degree.

How to apply?

Applications are accepted via the online application platform. This platform is a “one-step” application system. You will not be able to save the application form in between or upload documents later. Please have all the relevant information and all documents ready once you enter the application process!

To be prepared, please read the following instructions:

• The online application form must be completed in English only.
• Your email address and postal mail address must be up to date!
• All fields marked with an “!” are required information. Fields marked with an “*” are limited in terms of characters accepted.
• In section 4 “References” you will have to provide the contact details of two referees that support your application. Our system will inform your referees automatically shortly after your application has been submitted. Make sure, there are no typos in the contact details – otherwise, the system cannot contact them. Please pick your referees carefully and inform them about their role. Please be aware that your referees will only have time to submit their references until October 31!
• You can choose your research group preferences according to the project descriptions in section 5. The pulldown menu allows you to choose faculty members that offer a project within this round of recruitment. The order of your choices is interpreted as a tentative ranking. However, it does not limit your choice at a later stage! Once you are invited to our assessment week you will have the opportunity to meet all faculty members that offer a project.
• Section 5.2 “Motivation and career plans” is one of the most critical parts of your application! You should clearly communicate why you are an ideal candidate for the IMPRS-IDI. Please comment also on your plans for your professional future. Here it is very important to be specific, meaningful and concise!
• In the end, we ask you to upload a single PDF document containing your CV, high school diploma, university certificates and transcripts and other supporting documents (such as GRE certificates, language tests, prize) in that order. The file should not exceed 10 MB. Please do NOT send thesis abstracts, posters or other documents of minor importance. Application documents that do not meet these criteria may be disregarded by the system.
• To submit your application, click the button “START”.

Successful submission will be confirmed by email shortly after submission. You will not be able to change anything after this point.

Apply here-> Registration

More Information-> www.mpiib-berlin.mpg.de

The post PhD positions-Call 2020-IMPRS-IDI appeared first on iLovePhD.

Advantages and disadvantages of getting a patent: A patent is an exclusive right granted by the government to the inventor for an invention which is a new and inventive solution to an existing technological problem.

The patent rights are granted for a limited period of time in exchange for complete public disclosure of the invention. Also, there are many possible advantages and disadvantages of Indian Patent Filing.

When deciding if you should apply for a patent, you should look at your invention and consider the risks of not patenting it against the costs of doing so. In this article, ilovephd provides major advantages and disadvantages of getting a patent registration.

Different types of patent

>A process, such as a computer algorithm.

>A machine used to make something.

>The specific item being manufactured.

>Improvement of an existing idea.

>Composition of matter- a recipe for a creation.

Requirements for patent registration

• Novelty: The invention must be new or novel, means that the invention must never have been made before, carried out before or used before.
• Inventive Step: The invention must be non-obvious or involve an inventive step that means it should not be obvious to the person skilled in the art. I
• Industrial Application: The invention must be useful or capable of industrial application. It must be capable of being made or used in the industry.
• Not publically/commercially disclosed: A patent application must be filed prior to any disclosure to the public that is it must not be known or used in public before the filing of the patent application.
• Patentable matter: Finally, the invention must be part of the “patentable subject matter” under the applicable law.

Advantages and disadvantages of getting a patent

Advantages of patent registration

• Copy protection: A patent provides a right to protect your idea from copying by others based on the intellectual property rights law.
• Filing a patent gives the inventor a legal monopoly on selling, using, making, distributing, importing, or exporting their creation for a specified time period.
• You have all rights to use your invention.
• You can take legal action against people who are using the patented invention without permission.
• You can collect the royalties from a patent when they have licensed.
• Profits gained by patent exploitation may be invested later in research and development projects.

Disadvantages of patents

• Patent protection will only extend to the country in which the patent is filed.
• When you file a patent application means making certain technical information about your invention publicly available.
• A patent can be an expensive process even if it unsuccessful. With patent fees, attorney fees, and the cost of creating drawings, a patent can run anywhere from $2,000 to $5,000, depending on its complexity.
• Applying for a patent can be a very time-consuming and lengthy process (typically three to four years).
• Do you have the financial resources to obtain patent protection in the countries in which you intend to market your invention?
• You’ll need to remember to pay your annual fee or your patent will lapse.
• You will need to be prepared to defend your patent.

Hope, this article helps you to identify the major advantages and disadvantages of filing a patent.

Courtesy: USPTO.GOV

The post Advantages and disadvantages of getting a patent appeared first on iLovePhD.

Security in the Internet of Things(IoT) is the major concern when all the physical entities are connected to the internet because IoT devices are lightweight and the implementation of security algorithms in these devices are very difficult. This post covers important Security Techniques in IoT Research for IoT security researchers ease.

Why IoT Security is required?

• Breaches of privacy
•  Cybercrime
• Physical safety in the home, across the city and within businesses
• Threats to national infrastructure
• Looming risks of cyberwar

Unique Challenges for IoT Security

• IoT relies on microcontrollers with limited memory and computational power
• This often makes it impractical to implement approaches designed for powerful computers
• This, in turn, requires constrained IoT devices to be hidden behind secure gateways
• Threats based upon gaining physical access to IoT devices
• How to bootstrap trust and security, and ways that this can unravel l Evolving technology
• More powerful Systems on a Chip (SOC) embedding hardware security support
• Ecliptic Curve Cryptography with reduced computational demands
• Anything that is exposed to the Internet must be securely software upgradable
• User experience must be good enough to avoid becoming a weak link in the chain
• The necessity of keeping up to date with security best practices

The Challenges for the IoT and Big Data

Lots of sensors will generate a vast amount of data

• API Research estimated 200 exabytes in 2014 and 1.6 zettabytes in 2020
• 90% is currently processed locally, although this varies by domain l This creates a greater volume of sensitive data, creating a greater risk of l Data and identity theft,
• Device manipulation, Data falsification, IP theft, server/network manipulation, etc. 
• Impact of introduction of data consolidation and analytics at the network edge.
• Cisco, HPE, and others.
• App platforms in the cloud or at the network edge will be targets for attacks.

Enabling Data Security for the Internet of Things

• Transport and app layer encryption
• TLS and DTLS for encrypting data transmitted over the Internet
• App layer encryption for greater security (e.g. as in financial transactions)
• Secure key exchange algorithms over unsecured channels
• Authentication and Key management
• IoT devices need to check that the server is who it says it is
• Servers likewise need to check this for IoT devices
• Asymmetric Public/Private key pairs vs Symmetric keys
• Tamper-resistant storage of keys and certificates
• Challenges for provisioning services

Authorization – Determining Who Can Do What

• Authorization rules
• Authentication of the data recipient
•  A simple form of rules as access control lists
• More general rules with complex conditions
• Capability-based security
• A capability is the communicable and unforgeable token of authority
• The token is associated with a set of access rights
• IETF work on ACE and JOSE
• ACE: Access control in Constrained Environments
• JOSE: JavaScript Object Signing and Encryption
• Relationship to models of trust
• Prior agreements between two parties l Attestations by trusted third parties

Privacy and the Internet of Things

• The IoT has the potential to provide huge and unprecedented amounts of personal information
• This information may last indefinitely
• Risk of abuse by individuals, criminals, companies and governments l Sense of intrusion into your personal space
• Fear of harm due to disclosure of personal information l Strongly identifying information
• Your address, date of birth, sexual orientation, and so on.
• The principle of data minimization – high cost to companies for handling personal data securely
• Privacy policies determining what purposes data can be used for, and for how long l Weakly identifying information
• When sufficient such data is combined this can uniquely characterize you
• Companies need to provide privacy policies on how they handle such data
• Need for adhering to best practices to avoid reputational damage to companies
• Including regulatory requirements

The IoT and the Web

• Web technologies are increasingly important for the IoT 
• Web protocols like HTTP 
• Semantic descriptions based on RDF l HTML5 and the Open Web Platform for human-machine interface 
• The Web security model and its relationship to the IoT
• Access rights for web apps are scoped to app’s origin 
• The Web is moving to encrypt all communication 
• It is important to transition the Web from passwords to public key cryptography. 
• Users authenticate to the browser, and browser authenticates to the website. 
• For the IoT, the user (owner) isn’t around at the time the device needs to authenticate itself to a service. 
• We, therefore, need a way for users to authorize the device in advance.
• This is a Form of Trust(FoT) delegation and introduces the need to authenticate users as well as service providers.

Implementing a energy, processing, and memory efficient security techniques to fulfill important IoT security requirement is still a challenging task.

You Might Also Love

IoT Implementation and Testing requirements

The post Security Techniques in IoT Research appeared first on iLovePhD.